Recommended Practice

Developing a Cybersecurity Program That Meets an Agency’s Needs


This recommended practice provides planning tools to help transit agency security professionals address cybersecurity risks in a sustainable and effective way that aligns with the agency’s vision and mission.

Document History
Document Number Version Publication Date Publication Related Information
APTA SS-ECS-RP-004-23 Original 05/31/23 Published Current


cybersecurity, information security, risk management


Even the most seasoned security professional can’t tackle all elements of developing a cybersecurity program single-handedly, nor will doing so in a vacuum result in an effective, well-rounded program. Help is required to acquire the managerial, financial and organizational support needed. A solid cybersecurity program is based on a well-informed strategy that aligns with an agency’s wants and needs. This recommended practice provides strategic planning tools and principles to help security professionals understand the drivers for cybersecurity in an agency, see how those map to the agency’s vision and mission, identify stakeholders in a cybersecurity program, and establish a steering committee of stakeholders to help develop an effective, well-supported and sustainable program.

​Get Involved

Want to participate in the development of this document? Join a Working Group or Learn More

Related Documents

​ ​​

Print Friendly, PDF & Email